Re: Re: Re: What libs req'd to resolve DNS within a chroot jail?




"William L. Maltby" <CentOS4Bill@xxxxxxxxxxxx> 
wrote in message 
news:1200354890.5507.35.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> On Mon, 2008-01-14 at 17:53 -0500, Eric B. wrote:
>> > Eric B. wrote:
>> >>>><snip>
>> >> Thanks for the feedback Rick.  I didn't realize that security
>> >> implication.  However I'm already running this on a machine that is
>> >> heavily firewalled on a VPN so I am fairly sure that no one will be
>> >> accessing this externally, but I still would like to restrict access
>> >> to particular machines.  Ideally, I would rather use FQDN to make life
>> >> easier for me to administer.  I have created my additional reverse-dns
>> >> pointer but I am still having problems with it.
>> >>
>> >> nslookup from the server gives me:
>> >> # nslookup 192.168.3.103
>> >> Server:         192.168.1.67
>> >> Address:        192.168.1.67#53
>> >>
>> >> 103.3.168.192.in-addr.arpa    name =
>> >> eric.test.com.3.168.192.in-addr.arpa.
>> >>
>> >
>> > It looks like there is a missing trailing dot in your DNS zone
>> > configuration. I doubt you are authoritative for the in-addr.arpa zone.
>> >
>> > in your zone file, you should have something like
>> > 103 IN PTR eric.test.example.
>> > (notice the last dot). Otherwise, the zone name (@ORIGIN) will be added.
>> >
>> >
>> > make sure you have a matching reverse _and_ forward resolution. you
>> > should get something like:
>> >
>> > 192.168.3.103 => eric.test.example
>> > _and_
>> > eric.test.example => 192.168.3.103
>> >
>> > If you only have the reverse lookup, the result is untrusted and sane
>> > applications should ignore it.
>>
>>
>> Thanks for the pointer.  Indeed, I was missing the trailing . after my
>> FQDN in my reverse file.  I have updated my reverse files, and nslookup is
>> resolving better, but still not further ahead.
>>
>> My reverse file: 3.168.192.in-addr.arpa now contains the following line:
>> 103             IN PTR  eric.test.com.
>>
>>
>> If I try nslookups now, my results are as follows:
>>
>> # nslookup 192.168.3.103
>> Server:         192.168.1.67
>> Address:        192.168.1.67#53
>>
>> 103.103.168.192.in-addr.arpa    name = eric.test.com.
>>
>> # nslookup eric.test.com
>> Server:         192.168.1.67
>> Address:        192.168.1.67#53
>>
>> Name:   eric.test.com
>> Address: 192.168.3.103
>>
>>
>> So from that, it seems as though the DNS / rDNS are properly configured,
>> does it not?  Similarly, I have both the forward and reverse domain name
>> on the DNS server as the nslookups show.  However, I still get the same
>> error msg:
>> Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from
>> 192.168.103.103
>              AAA
> Correct? -----|||

Whoops - cut & paste typo.  That line is supposed to read:
Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from 192.168.3.103





_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
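The two points Rick makes in the quoted reply, that a PTR target without a trailing dot gets the zone's $ORIGIN appended, and that a reverse mapping only counts once the forward lookup confirms it, worked through as an added example. This is not code from the original thread, from atftpd or from BIND; the zone snippets and the in-memory resolver are constructed here so the script runs offline, and the hostname and addresses are the ones from the thread.

```python
"""Zone-file origin handling and forward-confirmed reverse DNS (FCrDNS).

Added example, not part of the original post.  The resolver is an in-memory
table built from constructed zone snippets; swap `records.get(...)` for real
queries (socket.gethostbyaddr / a DNS library) to check a live resolver.
"""
import ipaddress
from typing import Dict, List, Tuple

Records = Dict[Tuple[str, str], List[str]]


def qualify(name: str, origin: str) -> str:
    """Zone-file rule from the thread: a name ending in '.' is absolute; any
    other name is relative and has the current $ORIGIN appended."""
    if name.endswith("."):
        return name
    if name == "@":
        return origin
    return f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> Records:
    """Minimal parser for 'owner [IN] TYPE rdata' lines plus $ORIGIN.
    Returns {(owner_fqdn, TYPE): [rdata, ...]}.  Owner names and PTR/CNAME
    targets are qualified; A record data is left as the literal address."""
    if not origin.endswith("."):
        origin += "."
    records: Records = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments / blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            if not origin.endswith("."):
                origin += "."
            continue
        parts = line.split()
        if len(parts) > 1 and parts[1].upper() == "IN":   # class is optional
            del parts[1]
        owner, rtype, rdata = parts[0], parts[1].upper(), " ".join(parts[2:])
        owner = qualify(owner, origin)
        if rtype in ("PTR", "CNAME"):
            rdata = qualify(rdata, origin)
        records.setdefault((owner, rtype), []).append(rdata)
    return records


def fcrdns(ip: str, records: Records) -> Tuple[bool, str]:
    """Forward-confirmed reverse lookup: resolve the PTR for `ip`, then require
    that the name's A records include `ip`.  A PTR with no matching forward
    record is reported as untrusted rather than accepted."""
    rev = ipaddress.ip_address(ip).reverse_pointer + "."
    ptrs = records.get((rev, "PTR"), [])
    if not ptrs:
        return False, f"no PTR record for {rev}"
    for host in ptrs:
        if ip in records.get((host, "A"), []):
            return True, host
    return False, f"PTR {ptrs[0]} has no A record pointing back to {ip}"


# Constructed zone snippets using the thread's names and addresses.
FORWARD_ZONE = """
$ORIGIN test.com.
eric    IN A   192.168.3.103
"""

# The poster's first attempt: no trailing dot, so $ORIGIN gets appended.
BROKEN_REVERSE = """
$ORIGIN 3.168.192.in-addr.arpa.
103     IN PTR eric.test.com
"""

# The corrected line from the thread.
FIXED_REVERSE = """
$ORIGIN 3.168.192.in-addr.arpa.
103     IN PTR eric.test.com.
"""


def build(reverse_zone: str) -> Records:
    recs = parse_zone(FORWARD_ZONE, "test.com.")
    recs.update(parse_zone(reverse_zone, "3.168.192.in-addr.arpa."))
    return recs


def demo() -> Tuple[Tuple[bool, str], Tuple[bool, str]]:
    """Run the check against both reverse zones; returns (broken, fixed)."""
    return (fcrdns("192.168.3.103", build(BROKEN_REVERSE)),
            fcrdns("192.168.3.103", build(FIXED_REVERSE)))


if __name__ == "__main__":
    for label, result in zip(("missing dot", "trailing dot"), demo()):
        print(f"{label:12s} -> {result}")
```

With the undotted PTR the parser produces exactly the name the poster's first nslookup returned (`eric.test.com.3.168.192.in-addr.arpa.`), and the forward check fails because no A record exists for that name; with the dot the PTR resolves to `eric.test.com.`, whose A record contains 192.168.3.103, so the reverse mapping is confirmed. Anything that gates access on a client's hostname should apply the same forward confirmation, since the PTR alone is controlled by whoever runs the reverse zone.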
